On the Impossibility of Simulation Security for Quantum Functional Encryption

TL;DR

This paper demonstrates that achieving simulation-secure functional encryption in the quantum setting is impossible, extending classical impossibility results to quantum adversaries and establishing new barriers under various assumptions.

Contribution

The work extends classical impossibility results for simulation-secure functional encryption to the quantum regime, including new proofs under weaker assumptions.

Findings

Unconditional impossibility when adversaries issue unbounded challenge messages.

Impossibility under pseudorandom quantum states with many functional keys.

Alternative impossibility based on public-key encryption, independent of pseudorandom states.

Abstract

Functional encryption is a powerful cryptographic primitive that enables fine-grained access to encrypted data and underlies numerous applications. Although the ideal security notion for FE (simulation security) has been shown to be impossible in the classical setting, those impossibility results rely on inherently classical arguments. This leaves open the question of whether simulation-secure functional encryption can be achieved in the quantum regime. In this work, we rule out this possibility by showing that the classical impossibility results largely extend to the quantum world. In particular, when the adversary can issue an unbounded number of challenge messages, we prove an unconditional impossibility, matching the classical barrier. In the case where the adversary may obtain many functional keys, classical arguments only yield impossibility under the assumption of pseudorandom functions; we strengthen this by proving impossibility under the potentially weaker assumption of pseudorandom quantum states. In the same setting, we also establish an alternative impossibility based on public-key encryption. Since public-key encryption is not known to imply pseudorandom quantum states, this provides independent evidence of the barrier. As part of our proofs, we show a novel incompressibility property for pseudorandom states, which may be of independent interest.